From 03c642d88ae3bec58d9cfc1745de7e8d57a52dd7 Mon Sep 17 00:00:00 2001 From: Klaus Basan Date: Wed, 31 Aug 2016 17:13:40 +0200 Subject: [PATCH] refs #751, detect invalid JSON message (which normally means a PHP error message in HTML) * utility function to remove HTML parts * adjustments --- src/blackcore/db/databaseauthentication.cpp | 8 +++++++- src/blackmisc/db/datastoreutility.cpp | 5 +++-- src/blackmisc/network/networkutils.cpp | 9 +++++++++ src/blackmisc/network/networkutils.h | 5 +++-- 4 files changed, 22 insertions(+), 5 deletions(-) diff --git a/src/blackcore/db/databaseauthentication.cpp b/src/blackcore/db/databaseauthentication.cpp index a5217b300..2e305f61c 100644 --- a/src/blackcore/db/databaseauthentication.cpp +++ b/src/blackcore/db/databaseauthentication.cpp @@ -109,12 +109,18 @@ namespace BlackCore if (nwReply->error() == QNetworkReply::NoError) { - QString json(nwReply->readAll()); + const QString json(nwReply->readAll().trimmed()); if (json.isEmpty()) { CLogMessage(this).error("Authentication failed, no response from %1") << urlString; return; } + if (!json.startsWith('{') || !json.endsWith('}')) + { + CLogMessage(this).error("Illegal JSON object: %1") << CNetworkUtils::removeHtmlPartsFromPhpErrorMessage(json); + return; + } + QJsonObject jsonObj(Json::jsonObjectFromString(json)); CAuthenticatedUser user(CAuthenticatedUser::fromDatabaseJson(jsonObj)); diff --git a/src/blackmisc/db/datastoreutility.cpp b/src/blackmisc/db/datastoreutility.cpp index 5adb12e37..e9b85f2e6 100644 --- a/src/blackmisc/db/datastoreutility.cpp +++ b/src/blackmisc/db/datastoreutility.cpp @@ -11,6 +11,7 @@ #include "blackmisc/logcategory.h" #include "blackmisc/logcategorylist.h" #include "blackmisc/simulation/aircraftmodellist.h" +#include "blackmisc/network/networkutils.h" #include "blackmisc/statusmessage.h" #include "blackmisc/statusmessagelist.h" #include "blackmisc/stringutils.h" @@ -24,6 +25,7 @@ using namespace BlackMisc; using namespace BlackMisc::Simulation; +using namespace BlackMisc::Network; namespace BlackMisc { @@ -97,8 +99,7 @@ namespace BlackMisc // no object -> most likely some fucked up HTML string with the PHP error if (!jsonDoc.isObject()) { - QString phpError(jsonResponse); - phpError.remove(QRegExp("<[^>]*>")); + const QString phpError(CNetworkUtils::removeHtmlPartsFromPhpErrorMessage(jsonResponse)); messages.push_back(CStatusMessage(cats, CStatusMessage::SeverityError, phpError)); return false; } diff --git a/src/blackmisc/network/networkutils.cpp b/src/blackmisc/network/networkutils.cpp index 3520b451b..4e95295dd 100644 --- a/src/blackmisc/network/networkutils.cpp +++ b/src/blackmisc/network/networkutils.cpp @@ -28,6 +28,7 @@ #include #include #include +#include using namespace BlackConfig; using namespace BlackMisc; @@ -278,5 +279,13 @@ namespace BlackMisc } return -1; } + + QString CNetworkUtils::removeHtmlPartsFromPhpErrorMessage(const QString &errorMessage) + { + if (errorMessage.isEmpty()) { return errorMessage; } + QString phpError(errorMessage); + static const QRegularExpression regEx("<[^>]*>"); + return phpError.remove(regEx); + } } // namespace } // namespacee diff --git a/src/blackmisc/network/networkutils.h b/src/blackmisc/network/networkutils.h index 3bd04ef75..90c329789 100644 --- a/src/blackmisc/network/networkutils.h +++ b/src/blackmisc/network/networkutils.h @@ -39,7 +39,6 @@ namespace BlackMisc class BLACKMISC_EXPORT CNetworkUtils { public: - //! Request type enum RequestType { @@ -125,6 +124,9 @@ namespace BlackMisc //! Last modified from reply static qint64 lastModifiedMsSinceEpoch(QNetworkReply *nwReply); + //! Remove the HTML formatting from a PHP error message + static QString removeHtmlPartsFromPhpErrorMessage(const QString &errorMessage); + private: //! Hidden constructor CNetworkUtils() {} @@ -133,4 +135,3 @@ namespace BlackMisc } // namespace #endif // guard -